Appl. No. 10/705,212 PATENT 
Amdt. dated July 7, 2009 
Amendment 
Examining Group 3621 

Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims: 

Claim 1 . (Currently Amended) An electronic commerce card authentication 
system comprising: 

a merchant system wherein the merchant system: 

sends a verifying enrollment request to a directory server, the verifying 
enrollment request including at least a portion of an electronic commerce card account number; 

receives a verifying enrollment response from the directory server, the 
verifying enrollment response including a web site hosted by a central transaction server, the 
verifying enrollment response further including a pseudonym corresponding to the electronic 
commerce card account number, the pseudonym expiring after a predetermined period of time; 

sends an authentication request to a cardholder system in a web page 
having an HTTP redirect command comprising the web site hosted by the central transaction 
server, the web page further including a URL for returning information to the merchant system, 
the authentication request including the pseudonym corresponding to the electronic commerce 
card account number; 

receives an authentication response from the cardholder system at the 
URL for returning information to the merchant system; and 

analyzes the authentication response to determine if the electronic 
commerce card account number has been successfully authenticated and initiates a payment 
request process by submitting the electronic commerce card account number to an issuer of the 
electronic commerce card account number; 

the directory server wherein the directory server: 

receives the verifying enrollment request from the merchant server; 

forwards the verifying enrollment request to the central transaction server; 

Page 2 of 20 



Appl.No. 10/705,212 
Amdt. dated July 7, 2009 
Amendment 
Examining Group 3621 



PATENT 



receives the verifying enrollment response from the central transaction 



server; and 



forwards the verifying enrollment response to the merchant system; and 
the [[a]] central transaction server wherein the central transaction server: 
receives the verifying enrollment request from the directory server; 
sends the verifying enrollment response to the directory server; 
receives the [[an]] authentication request from the [[a]] cardholder system, 



at the web site hosted by the central transaction server in response to the HTTP redirect 
command sent by the merchant system to the cardholder system; wherein the authentication 
request was previously forwarded from a merchant system using an HTTP redirect command 



the pseudonym expires after a predetermined period of time, whoroin the pseudonym is used for 
authentication; 

forwards the authentication request to an access control server; 

relays authentication information between the access control server and 

the cardholder system; 

receives an authentication response from the access control server; 

forwards a copy of the authentication response to an authentication history 
server to be archived; and 

forwards the authentication response to the cardholder system. , wherein 
the authentication response includes a second HTTP redirect command comprising the address of 
the merchant, whoroin the cardholder system thereafter forwards the authentication response to 
the merchant system, wherein the merchant system analyzes the authentication response to 
determine if the electronic commerce card account number has been successfully authenticated 
and initiates a payment request process by submitting the electronic commcrco card account 
number to an issuer of the oloctronic commerce card account number. 



comprising the address of the central transaction serv< 
includ e s a ps e udonym corr e sponding to an e lectronic 



/herein the authentication request 
im e rc e card account numb e r, wh e r e in 
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Claim 2. (Previously Presented) The electronic commerce card authentication 
system of claim 1, wherein the authentication response is translated to a format compatible with 
a merchant system. 

Claim 3. (Canceled) 

Claim 4. (Canceled) 

Claim 5. (Currently Amended) The electronic commerce card authentication 
system of claim [[4]] J_, wherein the central transaction server sends the verifying enrollment 
response in response to a query to the access control server. 

Claim 6. (Currently Amended) The electronic commerce card authentication 
system of claim [[4]] 1, wherein the central transaction server sends the verifying enrollment 
response to the directory server with or without querying the access control server, and further 
queries the access control server in response to receiving an authentication request. 

Claim 7. (Previously Presented) The electronic commerce card authentication 
system of claim 1, wherein the pseudonym was previously created by the central transaction 
server. 

Claim 8. (Previously Presented) The electronic commerce card authentication 
system of claim 1 , wherein the pseudonym was created by a merchant system. 

Claim 9. (Canceled) 

Claim 10. (Currently Amended) A method of authenticating electronic commerce 
card information provided by a cardholder, the method comprising: 
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sending a verifying enrollment request from a merchant system to a directory 
server, the verifying enrollment request including at least a portion of an electronic commerce 
card account number; 

sending the verifying enrollment request from the directory server to a central 
transaction server; 

sending a verifying enrollment response from the central transaction server to the 
directory server, the verifying enrollment response including a web site hosted by the central 
transaction server, the verifying enrollment response further including a pseudonym 
corresponding to the electronic commerce card account number, the pseudonym expiring after a 
predetermined period of time; 

sending the verifying enrollment response from the directory server to the 
merchant system; 

sending an authentication request to a cardholder system in a web page having an 
HTTP redirect command comprising the web site hosted by the central transaction server, the 
web page further including a URL for returning information to the merchant system, the 
authentication request including the pseudonym corresponding to the electronic commerce card 
account number; 

receiving [[an]] the authentication request from [[a]] the cardholder system, at the 
web site hosted by the central transaction server in response to the HTTP redirect command sent 
by the merchant system to the cardholder system; wherein the authentication request was 
previously forwarded from a merchant system using an HTTP redirect command comprising the 
address of a central transaction server, wherein the authentication request includes a pseudonym 
corresponding to an electronic commerce card account number, wherein the pseudonym expires 
after a predetermined period of time, wherein the pseudonym is used for authentication; 

forwarding the authentication request to an access control server; 

relaying , at the central transaction server, authentication information between the 
access control server and the cardholder system; 
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receiving an authentication response from the access control server at the central 
transaction server ; and 

forwarding a copy of the authentication response to an authentication history 
server to be archived; 

forwarding the authentication response to the cardholder system from the central 
transaction server; , whoro - in the authentication response includes a second HTTP redirect 
command comprising the address of the merchant, wherein the cardholder system thereafter 
forwards the authentication response to the merchant system, wherein the merchant system 
analyzes the authentication response to determine if the electronic commerce card account 
number has boon successfully authenticated and initiates initiating a payment request process by 
submitting the electronic commerce card account number to an issuer of the electronic commerce 
card account numb e r- 
receiving the authentication response from the cardholder system at the URL for 
returning information to the merchant system; and 

analyzing the authentication response at the merchant system to determine if the 
electronic commerce card account number has been successfully authenticated and initiating a 
payment request process by submitting the electronic commerce card account number to an 
issuer of the electronic commerce card account number. 

Claim 11. (Previously Presented) The method of claim 10, wherein the 
authentication response is translated to a format compatible with a merchant system. 

Claim 12. (Canceled) 

Claim 13. (Canceled) 

Claim 14. (Currently Amended) The method of claim [[13]] 10, wherein the 
verifying enrollment response is sent in response to a query to the access control server. 
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Claim 15. (Currently Amended) The method of claim [[13]] 10, wherein the 
verifying enrollment response is sent to the directory server without querying the access control 
server, and further comprising querying the access control server in response to receiving an 
authentication request. 

Claim 16. (Previously Presented) The method of claim 10, wherein the 
authentication request was previously created by the central transaction server. 

Claim 17. (Currently Amended) The method of claim 10, wherein the-pseudonym 
was previously created by [[a]] the merchant system. 

Claim 18. (Canceled) 

Claim 19. (Currently Amended) An information storage medium including a set 
of instructions to operate an information processing device to perform a set of steps, the set of 
steps comprising: 

receiving a verifying enrollment request from a directory server; 

sending a verifying enrollment response to the directory server; 

receiving an authentication request from a cardholder system, at a web site hosted 
by a central transaction server in response to an HTTP redirect command sent by a merchant 
system to the cardholder system, the HTTP redirect command comprising the address of the 
central transaction server and including a pseudonym corresponding to an electronic commerce 
card account number; 

receiving an authentication request from a cardholder system, wherein the 
authentication request was previously forwarded from a merchant system using an HTTP redirect 
command comprising the address of the central transaction server, wherein the authentication 
request includes a pseudonym corresponding to an electronic commerce card account number, 
wherein the pseudonym expires after a predetermined period of time, wherein the pseudonym is 
used for authentication; 
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forwarding the authentication request to an access control server; 

relaying authentication information between the access control server and the 
cardholder system; 

receiving an authentication response from the access control server; 

forwarding a copy of the authentication response to an authentication history 
server to be archived; and 

forwarding the authentication response to the cardholder system, wherein the 
authentication response includes a URL for returning information to the merchant, second HTTP 
redirect command comprising the address of the merchant, wherein the cardholder system 
thereafter forwarding forwards the authentication response to the merchant system, wherein the 
merchant system analyzes the authentication response to determine if the electronic commerce 
card account number has been successfully authenticated and initiates a payment request process 
by submitting the electronic commerce card account number to an issuer of the electronic 
commerce card account number. 

Claim 20. (Previously Presented) The information storage medium of claim 19, 
wherein the authentication response is translated to a format compatible with a merchant system. 

Claim 21. (Canceled) 

Claim 22. (Canceled) 

Claim 23. (Currently Amended) The information storage medium of claim 19_ 22, 
wherein the verifying enrollment response is sent in response to a query to the access control 
server. 

Claim 24. (Currently Amended) The information storage medium of claim 19 22, 
wherein the verifying enrollment response is sent to the directory server without querying the 
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access control server, and the set of steps further comprise querying the access control server in 
response to receiving an authentication request. 

Claim 25. (Previously Presented) The information storage medium of claim 19, 
wherein the pseudonym was previously created by the central transaction server. 

Claim 26. (Previously Presented) The information storage medium of claim 19, 
wherein the pseudonym was previously created by a merchant system. 

Claim 27. (Canceled) 

Claim 28. (Original) The method of claim 14, further comprising: 
receiving the verifying enrollment response from the access control server in 
response to the query; and 

forwarding the verifying enrollment response to the directory server. 

Claim 29. (Original) The method of claim 28, further comprising: 
modifying the verifying enrollment response received from the access control 

server; and 

forwarding the modified verifying enrollment response to the directory server. 

Claim 30. (Currently Amended) The information storage medium of claim 19 22, 
further comprising: 

receiving the verifying enrollment response from the access control server in 
response to the query; and 

forwarding the verifying enrollment response to the directory server. 

Claim 31. (Original) The information storage medium of claim 30, further 

comprising: 
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modifying the verifying enrollment response received from the access control 

server; and 

forwarding the modified verifying enrollment response to the directory server. 

Claim 32. (Previously Presented) The system of claim 1 wherein the payment 
request process includes a charge request, wherein the charge request is generated by a merchant 
and is subsequently sent to an acquirer. 

Claim 33. (Previously Presented) The method of claim 10 wherein the payment 
request process includes a charge request, wherein the charge request is generated by a merchant 
and is subsequently sent to an acquirer. 

Claims 34.-37.(Canceled) 

Claim 38. (Previously Presented) The system of claim 1, wherein the central 
transaction server further hosts at least one web page. 

Claims 39.-40. (Canceled) 

Claim 41. (Previously Presented) The system of claim 1 wherein the 
predetermined time is 5 minutes. 

Claim 42. (Canceled) 

Claim 43. (Currently Amended) The method system of claim 1 wherein the 
payment request process includes a cardholder authentication verification value which indicates 
the electronic commerce card has been successfully authenticated. 
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Claim 44. (Previously Presented) The method of claim 10 wherein the payment 
request process includes a cardholder authentication verification value which indicates the 
electronic commerce card has been successfully authenticated. 

Claim 45. (New) The system of claim 1, wherein the central transaction server 
and the directory server are integrated into a single server. 

Claim 46. (New) The method of claim 10, further comprising substituting the 
authentication response from the access control server with a response generated by the central 
transaction server. 
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